Over the weekend, GD2K was hit by what I can only describe as a WORM.
A guest sent over 140 @mail messages to GD2K members with the text "For a good laugh, do this" and a very long string of MUSH code. As near as I can tell, the code did the following:
1. Created huge amounts of random garbage in the MUSH database on the player and items of the player that ran the code. For example, one player had over 5,000 lines of garbage, and one item easily breached the 100,000 line mark. All told, the database grew from its normal size of 3.8 megs to a stupefying 9.6 megs.
2. Emailed itself to several other people on the MUSH using @mail.
3. Either sent itself to, or harvested information of, several dozen other MUSHes listed on the site's MudNet server.
Anyone who tried to 'examine' a player or object affected by this would suffer a lockup on their MUSH client, requiring a total disconnect and restart.
As near as I can tell, this may have been intended to crash the MUSH by causing the database to bloat so much. The expansion we saw resulted from only TWO users actually trying the code out. If more people had given it a go, the MUSH almost certainly would have crashed.
The two users/characters and the 8 or 9 damaged objects have all been repaired or replaced. The database appears stable and intact. Rest assured, I intend to pursue this further. In the next few weeks I'll be evaluating our security and any code holes we have. If MudNet turns out to be a factor in this, it will be removed. If having Guest access is part of the problem, we may have to look at eliminating the guest login provision for the MUSH. Other things will be considered and discussed.
I thank you all for your patience and support in identifying and fixing this problem, and if anyone has questions, comments, concerns, etc., please @mail or email or IM me.
--j.